Creating SSH Keys

Public key authentication (SSH Key) is a more secure alternative to password authentication
that allows users to avoid entering or storing a password, or sending it over the
network. Public key authentication uses the client computer to generate the
key-pair (a public key and a private key). The public key is then provided to the
remote computer's administrator to be installed on that machine.

To log in into other Aspera servers
with public key authentication, you need to generate a key-pair for the selected
user account, as follows:

Create a .ssh directory in your home directory if it does not already
exist:

$ mkdir /home/username/.ssh

Go to the .ssh folder:

$ cd /home/username/.ssh

Run ssh-keygen to generate an SSH key-pair.

Run the following command in the .ssh folder to create a key pair.
For key_type, specify either RSA (rsa)
or ED25519 (ed25519). At the prompt for the key-pair's
filename, press ENTER to use the default name id_rsa or
id_ed25519, or enter a different name, such as your
username. For a passphrase, you can either enter a password, or press return
twice to leave it
blank:

#ssh-keygen -t key_type

Note:
When you run ascp in FIPS mode
(<fips_enabled> is set to true in
aspera.conf), and you use passphrase-protected SSH
keys, you must either (1) use keys generated by running
ssh-keygen in a FIPS-enabled system, or (2) convert
existing keys to a FIPS-compatible format using a command such as the
following:

#openssl pkcs8 -topk8 -v2 aes128 -in id_rsa -out new-id_rsa

Retrieve the public key file.

The key-pair is generated to your home directory's .ssh folder. For
example, assuming you generated the key with the default name id_rsa:

/home/username/.ssh/id_rsa.pub

Provide
the public key file (for example, id_rsa.pub) to your
server administrator so that it can be set up for your server connection.
The instructions for installing the public key
on the server can be found in the Setting Up a User's Public Key on the Server; however, the
server may be installed on an operating system that is different from
the one where your client has been installed.

Start a transfer using public key authentication with the
ascp command.

To transfer files using public key authentication on the command line, use the
option -iprivate_key_file. For
example: